• Hands-on experience with Tenable Security Center. The candidate should have experience creating and running scans, analyzing the results, and creating and maintaining asset groups.
• An understanding of penetration testing techniques, tools, and validation of results. The candidate will not be expected to perform penetration testing, but should be able to explain how a given vulnerability might be exploited by an attacker.
• Experience performing vulnerability assessments and remediation, and creating or modifying security policies and procedures. The candidate should be able to recommend remediation or mitigation strategies based on scan findings.
• In-depth understanding of multiple areas of information security, such as networking (TCP/IP, network protocols), operating system fundamentals (Windows, UNIX, mainframe), and security technologies (firewalls, switches, routers, IPsec, IDS/IPS, etc.). The candidate should be able to discuss how a vulnerability might be mitigated through different security controls.
• Experience working with Information Security tools in a large, complex, multi-platform environment.
• Experience with web application testing is a plus, but not required.
Additional skills:
Rapid7 Nexpose, Nessus, and Tenable Security Center